Main Vulnerability Database SB2026021318

SB2026021318 - Ubuntu update for nginx

Published: February 13, 2026

Security Bulletin ID SB2026021318

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Acceptance of extraneous untrusted data with trusted data (CVE-ID: CVE-2026-1642)

CWE-ID: CWE-349 - Acceptance of Extraneous Untrusted Data With Trusted Data

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to incorrect handling of trusted and untrusted data when configured to proxy to upstream Transport Layer Security (TLS) servers. A remote unauthenticated attacker with an MITM position on the upstream server side can inject plain text data into the responses from an upstream proxied server and send them to clients.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-8038-1